Re: Support for SSH and Other Arbitrary Signed Challenges

30 views

Skip to first unread message

David Timothy Strauss

unread,

May 18, 2018, 6:25:31 PM5/18/18

to FIDO Dev (fido-dev)

This carries forward a discussion [1] from the WebAuthN list that was off-topic there.

On Thu, May 17, 2018 at 11:13 PM Adam Powers <REDA...@fidoalliance.org> wrote:

> Since Christiaan mentioned sshd, here are some notes on how to implement FIDO in sshd (should anyone be looking for a weekend project):

> https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-April/036885.html

I came across that work as part of attempting my agent proof-of-concept. The corresponding patches didn't make progress upstream, and there isn't a clear path for making a better proposal for FIDO support in the SSH ecosystem.

Adding support to sshd for the existing FIDO signature format is a bit weird because it's not really a new key format (still ECDSA) but it would require support for a new signature format. Key and signature formats are generally a 1:1 concern in the world of SSH. Without support for signing arbitrary data, we're left with some unappealing options to leverage FIDO:

We could allow people to publish their tokens as ECDSA (in the authorized keys file), but authentication would mysteriously fail on older sshd instances that support ECDSA keypairs but not FIDO-style signatures. This would confuse users.
We could create a new key format that isn't really a new key format but just uses FIDO-compatible signatures. This would take 10+ years to roll out; even ECDSA isn't supported everywhere, particularly for cloud services that let you upload keys.
We could extend the entire signing chain (from the agent on the client through verification within sshd) to support a prefix on the signed data in a more generic way. This would similarly take a long time to roll out and get adoption, as this also requires server and client changes.

Similar issues exist for other integrations that aren't greenfield uses of FIDO signatures. I suppose one answer is using a more traditional smart card (OpenPGP or PKCS#11), but both have cost and setup complexity issues that FIDO doesn't. We use OpenPGP-based smart cards for our employee SSH access, but it's not something I'd wish on anyone.

[1] https://lists.w3.org/Archives/Public/public-webauthn/2018May/0369.html

Reply all

Reply to author

Forward

0 new messages